# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--

✔ CSP --><span ng-if="isCSP()">
add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--

✔ HSTS--><span ng-if="isHSTS()">
add_header Strict-Transport-Security "max-age=31536000{{ isHSTSSubdomains() ? '; includeSubDomains' : '' }}{{ isHSTSPreload() ? '; preload' : '' }}" always;</span>

# . files
location ~ /\. {
	deny all;
}<span ng-if="data.expires_assets && data.expires_assets !== data.expires_media">

# assets
location ~* \.(?:{{ extensions.assets }})$ {
	expires {{ data.expires_assets }};<!--

	✘ accessLog --><span ng-if="isAccessLog()">
	access_log off;</span>
}</span><span ng-if="data.expires_media">

# {{ data.expires_assets && data.expires_assets === data.expires_media ? 'assets, ' : '' }}media
location ~* \.(?:{{ data.expires_assets && data.expires_assets === data.expires_media ? extensions.assets + '|' : '' }}{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }})$ {
	expires {{ data.expires_media }};<!--

	✘ accessLog --><span ng-if="isAccessLog()">
	access_log off;</span>
}</span><span ng-if="data.expires_svg && data.expires_svg !== data.expires_fonts">

# svg
location ~* \.{{ extensions.svg }}$ {
	add_header Access-Control-Allow-Origin "*";
	expires {{ data.expires_svg }};<!--

	✘ accessLog --><span ng-if="isAccessLog()">
	access_log off;</span>
}</span><span ng-if="data.expires_fonts">

# {{ data.expires_svg && data.expires_svg === data.expires_fonts ? 'svg, ' : '' }}fonts
location ~* \.(?:{{ data.expires_svg && data.expires_svg === data.expires_fonts ? extensions.svg + '|' : '' }}{{ extensions.fonts }})$ {
	add_header Access-Control-Allow-Origin "*";
	expires {{ data.expires_fonts }};<!--

	✘ accessLog --><span ng-if="isAccessLog()">
	access_log off;</span>
}</span>
<span ng-if="isGzip()">
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types {{ gzipTypes }};</span>
